Week 2: Get Smart About ‘Smart’ Devices

Warm Up: Learn a New Term 

For our warm up this week, let’s talk about data minimization. This is the idea that devices, products, and services should only collect and store the data they need to operate effectively, and shouldn’t use that data for anything else. 

Let’s get specific. 

Social media companies may need your phone number to offer multi-factor authentication, but they shouldn’t turn around and use those phone numbers to target advertisements at you. 

Amazon’s Alexa may need to record children’s voices to respond to voice commands, but it shouldn’t keep those recordings indefinitely and use them to train its algorithms.

In absence of data minimization, companies currently leave consumers exposed for fraud, financial scams, and other abuses. According to Pew Research, 34% of U.S. adults have experienced either fraudulent changes on their debit or credit card, email/social media accounts being taken over without permission, or had an attempt to open a line of credit or apply for a loan in their name in the past year. The Federal Trade Commission (FTC) reported that consumers are losing nearly $8.8 billion to fraud in 2022, an increase of more than 30 percent over the previous year. Some of these fraudulent charges are from accounts the consumer was no longer using. Had their credit card information been removed, it wouldn’t have been vulnerable to data breaches. 

While it’s on the company to practice data minimization, we can also take steps to minimize how much information tech companies collect about us and thereby limit the information that can be sold, stolen, or given away. CR believes that all products and services should be built around the concept of data minimization, and we’re working for it to be a core tenant of privacy legislation (more to come on this in a later workout!)

Workout: Set Up Your Smart Speaker for Privacy 

So, what are we going to do about it!? Well, not all devices practice good data minimization automatically, but many of them have settings that can reduce the data they collect and share. For this workout, we’re looking at smart speakers. You can mute the device to make sure it’s not listening if you’re not using it, review or delete past recordings, opt out of programs that use your recordings to improve voice recognition, and even set a PIN to prevent unwanted purchases.  If you don’t have a smart speaker,  don’t worry. You can check our stretch goals for other devices that could be doing a better job of data minimization. 

Download this workout

Stretch Goals

Catch a second wind? Here’s more you can do to continue your data workout!      

• More Connected Devices: You can minimize your data with Smart TVs too. Read up on How to Turn Off Smart TV Snooping Features to continue your workout. Security Planner offers tips on how to secure your Home Security Cameras, Gaming Consoles and Fitness Trackers too.  
• Continue Reading
  • CR is currently advocating for the creation of an IoT (“Internet of Things”) security label for consumer connected devices in light of the recent launch of the U.S. Cyber Trustmark
  • CR also has done a ton of investigative reporting on connected devices:

• • • What You Say to Google Assistant and Alexa (but Not Siri) Gets Used for Ad Targeting. Here’s How
    • Smart Appliances Promise Convenience and Innovation. But Is Your Privacy Worth the Price?
    • Facial Recognition Is Coming to Your Neighborhood Through Home Security Cameras and Video Doorbells
  • The FTC has some pretty strong stances on data minimization too. In fact in their most recent ruling, they are requiring the deletion of customer information two years after the last time the information was used.  More on that next week when we cover the political landscape!